Cisco Blogs
Share
tweet

The Service Provider Security Question

- April 26, 2016 - 2 Comments

I talk to a lot of customers and partners in the Service Provider space, and among the many conversations, I notice a common set of concerns centered around a simple question: have we done all that we can to secure both our own infrastructure and that of our customers? Simple enough question, but the answer is much more complex.

Security is critical both for the Service Provider’s own networks and the services they provide their customers. It’s a key enabler for open and programmable networks that enhances business agility and profitability. The growth in video, mobility, Internet of Things (IoT), and cloud services drive new revenue opportunities and business outcomes. However, these new business opportunities bring new risks and create a larger attack surface that must be defended impacting both the service provider and their customers.

Until now, the only viable approach for service providers to protect their networks has been to deploy multiple point security solutions – in my last blog I wrote about the franken-structures that exist in many environments. Where many of the benefits of additional security capability are lost due to the massive complexity that is incurred as layer after layer of non-unified security technologies are layered onto one other. Massive and expensive over-provisioning of equipment is the norm, in order to handle burstable workloads and ‘absorb’ attacks. This can often provide a false sense comfort that the latest tools were deployed in defense of the business, but without a complete plan for operationalizing the combined system, the actual effectiveness of the new tools will be low and security risks and challenges will persist. The integration cost and time to tie these point solutions together is excessive. Worse, even when integrated, these franken-structures are often very brittle rendering them inflexible and unresponsive to the inevitable changes in the environment. This approach also leaves gaps between various security silos that attackers often exploit. Without a unifying and highly automated way to deploy and manage security services, organizations are unable to keep pace with nimble attackers and dynamic enterprise environments.

Without a unifying and highly automated way to deploy and manage security services, organizations are unable to keep pace with nimble attackers and dynamic enterprise environments.

 

Continuing our Multi-Service Security Approach with More Firepower

Cisco is focused on solving the integration, performance, and security effectiveness challenges that plague legacy security architectures and put service providers, their customers and data at risk. Threat-centric security is the foundation of Cisco’s Evolved Programmable Network (EPN) and Cisco Evolved Services Platform (ESP), with comprehensive threat protection across the attack continuum before, during and after an attack.

Our unique threat-focused approach is available with the Cisco Firepower™ 9300 Security Appliance and the Cisco Firepower 4100 Series high-performance carrier-class security platforms. Both platforms can deliver multiple Cisco security services, including the Cisco ASA firewall, Cisco Firepower next-generation firewall (NGFW) that includes URL filtering, application control (AVC), Cisco next-generation IPS (NGIPS), and Cisco Advanced Malware Protection (AMP). The platforms can also support 3rd party software such as the Radware DefensePro distributed denial-of-service (DDoS) mitigation capability.

The Firepower platforms are key components of Cisco’s vision for consistent security policies across physical, virtual, and cloud environments. With these security appliances, Cisco provides an optimized solutions for service provider security by utilizing containerization of its own and partner security services. Advanced threats are identified, contained and remediated without inhibiting service delivery or network flexibility, speed or scalability. With Cisco Firepower platform’s unique security and open network approach, service providers can realize enhanced agility, reduced expense, and increased revenue.

As ever, we don’t want you to only take our word for it. We take third-party validation very seriously, and Light Reading recently commissioned independent test lab European Advanced Networking Test Center AG (EANTC) to evaluate Cisco’s threat-centric security solutions. The result from EANTC is the industry’s first, third party validation of physical and virtual security solutions for securing SP cloud and NFV environments. The products tested include Firepower 9300, ASAv, NGIPSv, WSAv, ESAv, and Radware DefensePro. EANTC validated that Cisco’s threat centric approach to security. The comprehensive battery of tests demonstrated industry-leading performance and security effectiveness for service providers. You can read more about the test methods and results here.

One Size Does Not Fit All

It’s not just platforms and virtual appliances that Service Providers are looking for. They also want to leverage cloud-delivered security as a service to bolster the offerings they provide their end-user customers. EANTC testing underscored the need for end-to-end security solutions across physical and virtual form factors at the customer premise, service provider edge, and cloud data center.

Take the case of our customer: Exaprobe, Europe-based managed service provider and system integrator. Exaprobe leverages Cisco’s Hosted Security as a Service (HSS) Solution to deliver cloud-based security services or network function virtualization (NFV) to deliver comprehensive cloud-based web security, email security, and advanced malware protection to protect against the most advanced cyber attacks. The offering ensures that sophisticated threats are identified, contained and remediated — all without inhibiting service delivery, network agility, speed or scalability. HSS bundles virtual instances of Cisco’s industry-leading security solutions running on top of Cisco UCS server infrastructure. To learn more, read the Exaprobe blog here.

For Service Providers, security has never been more important, and answering the question “Are we secure and are our customers secure?” has never been higher on their agenda. When done properly, security can be a business enabler. But as SPs build out their security capabilities, the lack of integrated solutions yields lower threat effectiveness and inevitably leads to an explosion of complexity and cost. Hackers are increasingly targeting service providers and their enterprise customers with sophisticated assaults on the ever-broadening attack surface presented by new mobile services, expanded network connections, and device proliferation. Service providers seeking to adopt market leading security solutions turn to Cisco for appliances, integrated platforms and hosted services to increase security effectiveness without adding to the security sprawl that proliferates with point products. Security is an essential business enabler for service providers. Cisco’s threat-centric security solutions validated by EANTC help service providers to move confidently and adopt end-to-end security solutions to drive forward with NFV and cloud initiatives and more safely participate in the digital age. Service Providers trust Cisco to work with them to protect their business and their customers – before, during and after an attack.

Tags:

All comments in this blog are held for moderation. Your comment will not display until it has been approved

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments

  1. As the previous poster said, I appreciate your input on the topic of "Complexity" and what Cisco is doing to reduce it. Look forward to your next blog.

  2. Well said Scott. Thank you for making a very complex, "cloudy", topic much more clear to me. It is VERY timely information.

Share
tweet